Store Credit Card Information in Password Manager?Store credit card numbers in password manager?Protecting my high-value passwords against offline attacksHow to securely store and manage one-time backup codes for 2FA?How to reduce trouble in case I lose access to my password manager?Password managers with U2F security risksEncrypted volume vs password manager - security benefitsPassword generation scheme using master password, site-name, and usernamePassword management with two factor authenticationHardware-Based Password ManagerStore credit card numbers in password manager?How should clients' passwords be managed?
Applying a function to a nested list
Password expiration with Password manager
Why are notes ordered like they are on a piano?
How did Captain America use this power?
Pressure to defend the relevance of one's area of mathematics
Is it cheaper to drop cargo than to land it?
Unexpected email from Yorkshire Bank
How to creep the reader out with what seems like a normal person?
Save terminal output to a txt file
Did we get closer to another plane than we were supposed to, or was the pilot just protecting our delicate sensibilities?
How did Arya get back her dagger from Sansa?
CRT Oscilloscope - part of the plot is missing
Which skill should be used for secret doors or traps: Perception or Investigation?
Any examples of headwear for races with animal ears?
If Melisandre foresaw another character closing blue eyes, why did she follow Stannis?
What happens if I start too many background jobs?
Feels like I am getting dragged into office politics
Why is Thanos so tough at the beginning of "Avengers: Endgame"?
How to reply this mail from potential PhD professor?
Is thermodynamics only applicable to systems in equilibrium?
Why do money exchangers give different rates to different bills
Has any spacecraft ever had the ability to directly communicate with civilian air traffic control?
How do I tell my manager that his code review comment is wrong?
How does NAND gate work? (Very basic question)
Store Credit Card Information in Password Manager?
Store credit card numbers in password manager?Protecting my high-value passwords against offline attacksHow to securely store and manage one-time backup codes for 2FA?How to reduce trouble in case I lose access to my password manager?Password managers with U2F security risksEncrypted volume vs password manager - security benefitsPassword generation scheme using master password, site-name, and usernamePassword management with two factor authenticationHardware-Based Password ManagerStore credit card numbers in password manager?How should clients' passwords be managed?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
For convenience purposes I manage my passwords with the password manager Bitwarden on my personal computer and smartphone with autofill function (but with asking for the master password or fingerprint first every time).
I was just thinking about also adding my credit card information (which is used to log into the online banking stuff) to my vault, but since that seems like such important data, I'm not sure if it would be safe or if this even is a good idea. Any opinions?
I also saw this question on here, but it rather deals with whether that is reasonable from a law standpoint.
passwords password-management password-cracking credit-card
edited Mar 22 at 16:58
schroeder♦
79.8k30177214
asked Mar 22 at 16:42
SuimonSuimon
2107
add a comment |
For convenience purposes I manage my passwords with the password manager Bitwarden on my personal computer and smartphone with autofill function (but with asking for the master password or fingerprint first every time).
I was just thinking about also adding my credit card information (which is used to log into the online banking stuff) to my vault, but since that seems like such important data, I'm not sure if it would be safe or if this even is a good idea. Any opinions?
I also saw this question on here, but it rather deals with whether that is reasonable from a law standpoint.
passwords password-management password-cracking credit-card
edited Mar 22 at 16:58
schroeder♦
79.8k30177214
asked Mar 22 at 16:42
SuimonSuimon
2107
add a comment |
For convenience purposes I manage my passwords with the password manager Bitwarden on my personal computer and smartphone with autofill function (but with asking for the master password or fingerprint first every time).
I was just thinking about also adding my credit card information (which is used to log into the online banking stuff) to my vault, but since that seems like such important data, I'm not sure if it would be safe or if this even is a good idea. Any opinions?
I also saw this question on here, but it rather deals with whether that is reasonable from a law standpoint.
passwords password-management password-cracking credit-card
edited Mar 22 at 16:58
schroeder♦
79.8k30177214
asked Mar 22 at 16:42
SuimonSuimon
2107
For convenience purposes I manage my passwords with the password manager Bitwarden on my personal computer and smartphone with autofill function (but with asking for the master password or fingerprint first every time).
I was just thinking about also adding my credit card information (which is used to log into the online banking stuff) to my vault, but since that seems like such important data, I'm not sure if it would be safe or if this even is a good idea. Any opinions?
I also saw this question on here, but it rather deals with whether that is reasonable from a law standpoint.
passwords password-management password-cracking credit-card
passwords password-management password-cracking credit-card
edited Mar 22 at 16:58
schroeder♦
79.8k30177214
asked Mar 22 at 16:42
SuimonSuimon
2107
edited Mar 22 at 16:58
schroeder♦
79.8k30177214
asked Mar 22 at 16:42
SuimonSuimon
2107
edited Mar 22 at 16:58
schroeder♦
79.8k30177214
edited Mar 22 at 16:58
schroeder♦
79.8k30177214
edited Mar 22 at 16:58
schroeder♦
79.8k30177214
79.8k30177214
asked Mar 22 at 16:42
SuimonSuimon
2107
asked Mar 22 at 16:42
SuimonSuimon
2107
asked Mar 22 at 16:42
SuimonSuimon
2107
2107
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
The question might come down to: which piece of data has a higher level of risk, your passwords or your credit card info?
Your passwords can be used without you ever knowing about it. Passwords let someone into every aspect of your life with, potentially, every secret bit of information about you that you hold. So, it is possible for someone with your password to completely take over your life without you being aware until it is too late.
Credit card use will be noticed on your next statement, or as soon as your card company posts its use. You also have several types of recourse to dispute charges and have them reversed.
One might suggest that credit cards can be used to set up new cards or other lines of credit, but the same could be said with the information provided by passwords.
Passwords are the higher risk. Credit card info has numerous mitigations in place to protect you.
So, if you trust your password manager with your passwords, there is no increased risk with trusting it with your credit cards. There is always the inherent risk of recording any of this sensitive information, but if you have already accepted that risk for your passwords, then your credit card info does not materially increase your risks.
answered Mar 22 at 17:04
schroeder♦schroeder
79.8k30177214
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
Mar 22 at 17:28
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
Mar 22 at 17:30
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
Mar 22 at 17:32
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
Mar 22 at 17:38
1
@JohnWu your statements make no sense. I'm not talking about value but about risk. You assume the passwords stored are generated by the tool. There is nothing in the question to support that assumption. Credit card numbers are not exactly secret and the numbers themselves do not have "black market value". Family could use the numbers? Sure. they also have physical access to the credit cards. So, all of your statements make no sense at all.
– schroeder♦
Mar 24 at 9:14
|
show 2 more comments
Password managers can store any kind of secret. (Or at least short plaintext strings.) I have no idea how safe your specific password manager is.
A closed vault should be as secure as your password is. If the vault is opened on some computer, then that machine needs to be trusted. (No key loggers, hardware trojans, snooping super users, etc.)
A good password hashing algorithm allows no method of password cracking better than guess -and-check. The vault will be as difficult to decrypt without the password as it is difficult to guess your password. (That's not technically true because the encryption will likely have a maximum strength of 256 bits. However, that doesn't matter because your master password will be weaker than a 256-bit key and any more than 128-bit security is good enough.)
If your master password is quite strong then it's probably fine, as long as the computer used and the password manager used is secure.
You could also put information in a second vault protected by a stronger master password. That vault also could be put on a well guarded thumb drive. (Which could reduce a hacker's opportunity to break open the closed vault if the thumb drive isn't plugged in when you don't need it and the drive is well guarded.)
It's not necessary to store the vault somewhere else if your password is strong enough.
Make sure the password manager software is something you trust. (Proprietary software is automatically sketchy to me.)
answered Mar 22 at 17:21
Future SecurityFuture Security
1,216212
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205894%2fstore-credit-card-information-in-password-manager%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The question might come down to: which piece of data has a higher level of risk, your passwords or your credit card info?
Your passwords can be used without you ever knowing about it. Passwords let someone into every aspect of your life with, potentially, every secret bit of information about you that you hold. So, it is possible for someone with your password to completely take over your life without you being aware until it is too late.
Credit card use will be noticed on your next statement, or as soon as your card company posts its use. You also have several types of recourse to dispute charges and have them reversed.
One might suggest that credit cards can be used to set up new cards or other lines of credit, but the same could be said with the information provided by passwords.
Passwords are the higher risk. Credit card info has numerous mitigations in place to protect you.
So, if you trust your password manager with your passwords, there is no increased risk with trusting it with your credit cards. There is always the inherent risk of recording any of this sensitive information, but if you have already accepted that risk for your passwords, then your credit card info does not materially increase your risks.
answered Mar 22 at 17:04
schroeder♦schroeder
79.8k30177214
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
Mar 22 at 17:28
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
Mar 22 at 17:30
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
Mar 22 at 17:32
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
Mar 22 at 17:38
1
@JohnWu your statements make no sense. I'm not talking about value but about risk. You assume the passwords stored are generated by the tool. There is nothing in the question to support that assumption. Credit card numbers are not exactly secret and the numbers themselves do not have "black market value". Family could use the numbers? Sure. they also have physical access to the credit cards. So, all of your statements make no sense at all.
– schroeder♦
Mar 24 at 9:14
|
show 2 more comments
The question might come down to: which piece of data has a higher level of risk, your passwords or your credit card info?
Your passwords can be used without you ever knowing about it. Passwords let someone into every aspect of your life with, potentially, every secret bit of information about you that you hold. So, it is possible for someone with your password to completely take over your life without you being aware until it is too late.
Credit card use will be noticed on your next statement, or as soon as your card company posts its use. You also have several types of recourse to dispute charges and have them reversed.
One might suggest that credit cards can be used to set up new cards or other lines of credit, but the same could be said with the information provided by passwords.
Passwords are the higher risk. Credit card info has numerous mitigations in place to protect you.
So, if you trust your password manager with your passwords, there is no increased risk with trusting it with your credit cards. There is always the inherent risk of recording any of this sensitive information, but if you have already accepted that risk for your passwords, then your credit card info does not materially increase your risks.
answered Mar 22 at 17:04
schroeder♦schroeder
79.8k30177214
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
Mar 22 at 17:28
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
Mar 22 at 17:30
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
Mar 22 at 17:32
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
Mar 22 at 17:38
1
@JohnWu your statements make no sense. I'm not talking about value but about risk. You assume the passwords stored are generated by the tool. There is nothing in the question to support that assumption. Credit card numbers are not exactly secret and the numbers themselves do not have "black market value". Family could use the numbers? Sure. they also have physical access to the credit cards. So, all of your statements make no sense at all.
– schroeder♦
Mar 24 at 9:14
|
show 2 more comments
The question might come down to: which piece of data has a higher level of risk, your passwords or your credit card info?
Your passwords can be used without you ever knowing about it. Passwords let someone into every aspect of your life with, potentially, every secret bit of information about you that you hold. So, it is possible for someone with your password to completely take over your life without you being aware until it is too late.
Credit card use will be noticed on your next statement, or as soon as your card company posts its use. You also have several types of recourse to dispute charges and have them reversed.
One might suggest that credit cards can be used to set up new cards or other lines of credit, but the same could be said with the information provided by passwords.
Passwords are the higher risk. Credit card info has numerous mitigations in place to protect you.
So, if you trust your password manager with your passwords, there is no increased risk with trusting it with your credit cards. There is always the inherent risk of recording any of this sensitive information, but if you have already accepted that risk for your passwords, then your credit card info does not materially increase your risks.
answered Mar 22 at 17:04
schroeder♦schroeder
79.8k30177214
The question might come down to: which piece of data has a higher level of risk, your passwords or your credit card info?
Your passwords can be used without you ever knowing about it. Passwords let someone into every aspect of your life with, potentially, every secret bit of information about you that you hold. So, it is possible for someone with your password to completely take over your life without you being aware until it is too late.
Credit card use will be noticed on your next statement, or as soon as your card company posts its use. You also have several types of recourse to dispute charges and have them reversed.
One might suggest that credit cards can be used to set up new cards or other lines of credit, but the same could be said with the information provided by passwords.
Passwords are the higher risk. Credit card info has numerous mitigations in place to protect you.
So, if you trust your password manager with your passwords, there is no increased risk with trusting it with your credit cards. There is always the inherent risk of recording any of this sensitive information, but if you have already accepted that risk for your passwords, then your credit card info does not materially increase your risks.
answered Mar 22 at 17:04
schroeder♦schroeder
79.8k30177214
edited Mar 23 at 14:13
answered Mar 22 at 17:04
schroeder♦schroeder
79.8k30177214
answered Mar 22 at 17:04
schroeder♦schroeder
79.8k30177214
answered Mar 22 at 17:04
schroeder♦schroeder
79.8k30177214
79.8k30177214
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
Mar 22 at 17:28
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
Mar 22 at 17:30
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
Mar 22 at 17:32
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
Mar 22 at 17:38
1
@JohnWu your statements make no sense. I'm not talking about value but about risk. You assume the passwords stored are generated by the tool. There is nothing in the question to support that assumption. Credit card numbers are not exactly secret and the numbers themselves do not have "black market value". Family could use the numbers? Sure. they also have physical access to the credit cards. So, all of your statements make no sense at all.
– schroeder♦
Mar 24 at 9:14
|
show 2 more comments
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
Mar 22 at 17:28
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
Mar 22 at 17:30
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
Mar 22 at 17:32
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
Mar 22 at 17:38
1
@JohnWu your statements make no sense. I'm not talking about value but about risk. You assume the passwords stored are generated by the tool. There is nothing in the question to support that assumption. Credit card numbers are not exactly secret and the numbers themselves do not have "black market value". Family could use the numbers? Sure. they also have physical access to the credit cards. So, all of your statements make no sense at all.
– schroeder♦
Mar 24 at 9:14
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
Mar 22 at 17:28
That's what I believe. I think it's important to explain that but I'm not brave enough to tell other people it's okay. It might not be the same outside the US due to legal or economic reasons.
– Future Security
Mar 22 at 17:28
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
Mar 22 at 17:30
@FutureSecurity What are you talking about? I mentioned several things that you could be referring to. (and I'm not in the US).
– schroeder♦
Mar 22 at 17:30
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
Mar 22 at 17:32
That stolen passwords can be more damaging than a stolen credit card number. (And I think that I read that UK law, compared to US law, put more responsibility on customers for the security of their own accounts including pins and passwords.)
– Future Security
Mar 22 at 17:32
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
Mar 22 at 17:38
Banks have been putting mitigations in place for decades to handle credit card fraud. It can be a hassle, and it can even cost a lot, but relatively very little in comparison to what can be done with access to the right password.
– schroeder♦
Mar 22 at 17:38
1
1
@JohnWu your statements make no sense. I'm not talking about value but about risk. You assume the passwords stored are generated by the tool. There is nothing in the question to support that assumption. Credit card numbers are not exactly secret and the numbers themselves do not have "black market value". Family could use the numbers? Sure. they also have physical access to the credit cards. So, all of your statements make no sense at all.
– schroeder♦
Mar 24 at 9:14
@JohnWu your statements make no sense. I'm not talking about value but about risk. You assume the passwords stored are generated by the tool. There is nothing in the question to support that assumption. Credit card numbers are not exactly secret and the numbers themselves do not have "black market value". Family could use the numbers? Sure. they also have physical access to the credit cards. So, all of your statements make no sense at all.
– schroeder♦
Mar 24 at 9:14
|
show 2 more comments
Password managers can store any kind of secret. (Or at least short plaintext strings.) I have no idea how safe your specific password manager is.
A closed vault should be as secure as your password is. If the vault is opened on some computer, then that machine needs to be trusted. (No key loggers, hardware trojans, snooping super users, etc.)
A good password hashing algorithm allows no method of password cracking better than guess -and-check. The vault will be as difficult to decrypt without the password as it is difficult to guess your password. (That's not technically true because the encryption will likely have a maximum strength of 256 bits. However, that doesn't matter because your master password will be weaker than a 256-bit key and any more than 128-bit security is good enough.)
If your master password is quite strong then it's probably fine, as long as the computer used and the password manager used is secure.
You could also put information in a second vault protected by a stronger master password. That vault also could be put on a well guarded thumb drive. (Which could reduce a hacker's opportunity to break open the closed vault if the thumb drive isn't plugged in when you don't need it and the drive is well guarded.)
It's not necessary to store the vault somewhere else if your password is strong enough.
Make sure the password manager software is something you trust. (Proprietary software is automatically sketchy to me.)
answered Mar 22 at 17:21
Future SecurityFuture Security
1,216212
add a comment |
Password managers can store any kind of secret. (Or at least short plaintext strings.) I have no idea how safe your specific password manager is.
A closed vault should be as secure as your password is. If the vault is opened on some computer, then that machine needs to be trusted. (No key loggers, hardware trojans, snooping super users, etc.)
A good password hashing algorithm allows no method of password cracking better than guess -and-check. The vault will be as difficult to decrypt without the password as it is difficult to guess your password. (That's not technically true because the encryption will likely have a maximum strength of 256 bits. However, that doesn't matter because your master password will be weaker than a 256-bit key and any more than 128-bit security is good enough.)
If your master password is quite strong then it's probably fine, as long as the computer used and the password manager used is secure.
You could also put information in a second vault protected by a stronger master password. That vault also could be put on a well guarded thumb drive. (Which could reduce a hacker's opportunity to break open the closed vault if the thumb drive isn't plugged in when you don't need it and the drive is well guarded.)
It's not necessary to store the vault somewhere else if your password is strong enough.
Make sure the password manager software is something you trust. (Proprietary software is automatically sketchy to me.)
answered Mar 22 at 17:21
Future SecurityFuture Security
1,216212
add a comment |
Password managers can store any kind of secret. (Or at least short plaintext strings.) I have no idea how safe your specific password manager is.
A closed vault should be as secure as your password is. If the vault is opened on some computer, then that machine needs to be trusted. (No key loggers, hardware trojans, snooping super users, etc.)
A good password hashing algorithm allows no method of password cracking better than guess -and-check. The vault will be as difficult to decrypt without the password as it is difficult to guess your password. (That's not technically true because the encryption will likely have a maximum strength of 256 bits. However, that doesn't matter because your master password will be weaker than a 256-bit key and any more than 128-bit security is good enough.)
If your master password is quite strong then it's probably fine, as long as the computer used and the password manager used is secure.
You could also put information in a second vault protected by a stronger master password. That vault also could be put on a well guarded thumb drive. (Which could reduce a hacker's opportunity to break open the closed vault if the thumb drive isn't plugged in when you don't need it and the drive is well guarded.)
It's not necessary to store the vault somewhere else if your password is strong enough.
Make sure the password manager software is something you trust. (Proprietary software is automatically sketchy to me.)
answered Mar 22 at 17:21
Future SecurityFuture Security
1,216212
Password managers can store any kind of secret. (Or at least short plaintext strings.) I have no idea how safe your specific password manager is.
A closed vault should be as secure as your password is. If the vault is opened on some computer, then that machine needs to be trusted. (No key loggers, hardware trojans, snooping super users, etc.)
A good password hashing algorithm allows no method of password cracking better than guess -and-check. The vault will be as difficult to decrypt without the password as it is difficult to guess your password. (That's not technically true because the encryption will likely have a maximum strength of 256 bits. However, that doesn't matter because your master password will be weaker than a 256-bit key and any more than 128-bit security is good enough.)
If your master password is quite strong then it's probably fine, as long as the computer used and the password manager used is secure.
You could also put information in a second vault protected by a stronger master password. That vault also could be put on a well guarded thumb drive. (Which could reduce a hacker's opportunity to break open the closed vault if the thumb drive isn't plugged in when you don't need it and the drive is well guarded.)
It's not necessary to store the vault somewhere else if your password is strong enough.
Make sure the password manager software is something you trust. (Proprietary software is automatically sketchy to me.)
answered Mar 22 at 17:21
Future SecurityFuture Security
1,216212
answered Mar 22 at 17:21
Future SecurityFuture Security
1,216212
answered Mar 22 at 17:21
Future SecurityFuture Security
1,216212
answered Mar 22 at 17:21
Future SecurityFuture Security
1,216212
1,216212
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205894%2fstore-credit-card-information-in-password-manager%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
